A Guide to Threat Hunting in a SOC
ID: 2a4492a0-c7ff-559e-ae46-339106afc1d2
STIX ID: report--2a4492a0-c7ff-559e-ae46-339106afc1d2
Feed Name: On the Hunt
**Executive summary:** This post advocates a proactive, research-driven threat hunting approach and demonstrates practical hunts for lateral movement using Cobalt Strike and Impacket (e.g., WMIExec and Cobalt Strike Jump), providing example Sysmon events, command-line patterns, registry/service artifacts, admin-share file paths, sample queries, and a recommended hunt lifecycle to convert high-confidence hunts into detections.
